Awesome

The 7 Phase Vulnerability Assessment Framework:

##Table of Contents

• 01 | [Engagement Planning] (Engagement Planning/README.md)
• 02 | [Threat Modeling] (Threat Modeling/README.md)
• 03 | [Discovery] (Discovery/README.md)
• 04 | [Vulnerability Scanning] (Vulnerability Scanning/README.md)
• 05 | [Validation] (Validation/README.md)
• 06 | [Remediation] (Remediation/README.md)
• 07 | [Reporting] (Reporting/README.md)

##Framework Goals & Objectives: Products: Threat Assessment, Target Matrix, Vulnerability Report, Vulnerability Assessment, Remediation Plan, Vulnerability Assessment Report, Continuous Vulnerability Assessment & Remediation Plan

• 01 | Engagement Planning
• Goal: Identify quick wins (make your job easier, net maps, etc) // Build tight scope // Focus in on the value proposition // Don’t break the law
• Tasks:
• 02 | Threat Modeling
• Goal: Target Intel to Identify threats and start the risk equation, ensure effort yields maximum impact Develop Threat Assessment
• Tasks: Gather OSINT // Gather Threat Data // Assess Industry specific threats // Assess threats affecting organizational critical information // Assess threats affecting organizational critical business processes
• 03 | Discovery
• Goal: Find all the things Develop Target Matrix
• Tasks: Recon & Enumeration
• 04 | Vulnerability Scanning
• Goal: Identify all services, configurations, patch/hotfixes, and correlate to potential vulnerabilities Develop Vulnerability Report
• Tasks: Baselining, Tuning, Compliance, Port Scanning, Baseline comparison, Service specific vulnerability scanning (network vuln scanning), Host by host vulnerability scanning (auth scans/powershell/etc)
• 05 | Validation Goal: Validate identified vulnerabilities for accuracy, relate to threat assessment, calculate organizational risk, and triage Develop Vulnerability Assessment Develop Remediation Plan
• Tasks: Validate, relate to threat, calculate organizational risk, triage
• 06 | Remediation Goal: Clear environment of prioritized vulnerabilities Develop Target Matrix v2 (to assess vulnerabilities and ascertain positive mitigation status)
• Tasks: Clear environment of prioritized vulnerabilities
• 07 | Reporting
• Goal: Report to management, facilitate organizational understanding of cybersecurity risk Develop Vulnerability Assessment Report Develop Continuous Vulnerability Assessment & Remediation Plan
• Tasks: Compile and Deliver Report

##Vulnerability Lifecycle Discovery <-> Scanning -> Validation -> Remediation (diagram)